
14 matches found

Cvelist
added 2026/04/02 2:46 p.m. · 15 views

CVE-2026-34820 Endian Firewall /manage/ipsec/ remark Stored Cross-Site Scripting

Endian Firewall versions 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4 CVSS · 0.00138 EPSS
Exploits 0 · References 2
RedhatCVE
added 2026/03/26 3:18 p.m. · 5 views

CVE-2026-29828

DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the /manage/project/ page via the input field projectDesc...

6.1 CVSS · 5.8 AI score · 0.00155 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/11/12 3:46 a.m. · 11 views

CVE-2025-11886

The CTL Arcade Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'ctlarcadelitepagemanagegames' page. This makes it possible for unauthenticated attackers to deactivate and...

4.3 CVSS · 5.4 AI score · 0.00119 EPSS
Exploits 0 · References 1
CVE
added 2025/11/04 4:27 a.m. · 22 views

CVE-2025-12400

CVE-2025-12400 concerns the WordPress plugin LMB^Box Smileys. The vulnerability is a CSRF to Stored XSS in all versions up to 3.2, caused by missing or incorrect nonce validation in the plugin’s manage_page() function. As described, unauthenticated attackers can cause a site administrator to perf...

6.1 CVSS · 5 AI score · 0.00142 EPSS
Exploits 0 · References 4
CNNVD
added 2025/11/04 12:0 a.m. · 5 views

WordPress plugin LMB Box Smileys cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A cross-site reques...

6.1 CVSS · 6.3 AI score · 0.00142 EPSS
Exploits 0 · References 4
OSV
added 2025/06/29 7:15 p.m. · 12 views

CVE-2025-6868

A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/clients/manage.php. The manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit...

7.2 CVSS · 5.8 AI score · 0.00354 EPSS
Exploits 1 · References 5
RedhatCVE
added 2025/05/23 2:57 a.m. · 6 views

CVE-2023-1054

A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The identifier of...

9.8 CVSS · 8.3 AI score · 0.00463 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/02/20 12:0 a.m. · 4 views

PT-2024-15725 · WordPress · Insert Php Code Snippet

Name of the Vulnerable Software and Affected Versions: Insert PHP Code Snippet plugin for WordPress versions up to, and including, 1.3.4
Description: The issue allows for Stored Cross-Site Scripting via the user's name when accessing the "insert-php-code-snippet-manage" page due to insufficient...

4.8 CVSS · 5.4 AI score · 0.00337 EPSS
Exploits 0 · References 5
OSV
added 2023/02/27 11:15 a.m. · 3 views

CVE-2023-1054

A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The identifier of...

9.8 CVSS · 5.7 AI score · 0.00463 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2022/06/24 2:15 a.m. · 2 views

CVE-2022-32404

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manageinmate.php:3...

8.8 CVSS · 7.4 AI score · 0.01171 EPSS
Exploits 1 · References 3
Positive Technologies
added 2020/01/27 12:0 a.m. · 5 views

PT-2020-10450 · Wso2 · Wso2 Api Manager

Name of the Vulnerable Software and Affected Versions: WSO2 API Manager version 2.6.0
Description: A potential Reflected Cross-Site Scripting (XSS) issue has been identified in defining a scope in the "manage the API" page of the API Publisher.
Recommendations: For WSO2 API Manager version 2.6.0,...

4.8 CVSS · 3.9 AI score · 0.01031 EPSS
Exploits 1 · References 6
CNVD
added 2018/01/28 12:0 a.m. · 2 views

File upload vulnerability in BootCMS manage.php page

BootCMS is an open source content management system that runs under PHP + MySQL and is protected by a GPL license. A file upload vulnerability exists in the BootCMS manage.php page. An attacker can exploit the vulnerability to control server privileges by uploading a script Trojan...

6.9 AI score
Exploits 0
CNVD
added 2017/08/01 12:0 a.m. · 4 views

Universal Password Login Vulnerability in Longcai MX of Longcai Technology Inc.

Longcai MX is a marketing website that caters to consumer needs and buying desires. A universal password login vulnerability exists in the '/manage' page of Longcai MX under Longcai Technology. An attacker can exploit the vulnerability to log into the system backend, view sensitive information or...

6.8 AI score
Exploits 0
OSV
added 2017/02/17 5:59 p.m. · 15 views

CVE-2016-5364

Cross-site scripting (XSS) vulnerability in managecustomfieldeditpage.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter...

6.1 CVSS · 5.8 AI score
Exploits 0 · References 4